Google Cloud Hacking Red Team Perspective!
Cloud Security Podcast2 Aug 2023

Google Cloud Hacking Red Team Perspective!

Google cloud hacking or pentesting is very different to other popular cloud service providers like aws or azure. In this episode we had Shannon McHale (Mandiant now Google Cloud) to talk about how she approaches pentesting a google cloud environment and how you can too.


Episode YouTube: ⁠ Video Link⁠⁠⁠


Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠⁠⁠)

Guest Socials: Shannon McHale's Linkedin ⁠⁠⁠⁠(⁠Shannon's Linkedin⁠)

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠


Spotify TimeStamp for Interview Questions

A word from our sponsors - you can visit them on ⁠⁠⁠⁠⁠⁠⁠snyk.io/csp⁠⁠⁠⁠⁠⁠⁠


(00:00) Introduction

(03:38) A bit about Shannon McHale

(05:31) What is Red Teaming?

(06:42) Red Teaming in the Cloud

(07:50) Methodology behind Red Teaming

(09:32) Pentesting in Goole Cloud

(10:28) Low hanging fruits in Google Cloud

(14:36) GCP storage

(16:09) Red Team Assessment in Google Cloud

(17:08) The importance of Metadata

(18:17) Recommendations for Blue Teamers

(22:03) How to get started in Red Teaming?

(26:06) Tools or Research that stood out for Shannon

(27:42) GCP Resources that can be exposed

(29:15) Resources to learn about Cloud Red Teaming

(30:37) The Fun Questions


These are some of the resources Shannon found helpful to learn about Pentesting in Cloud along with her own GitHub link

See you at the next episode!

Episoder(344)

API SECURITY BEST PRACTICES 2022

API SECURITY BEST PRACTICES 2022

In this episode of the Virtual Coffee with Ashish edition, we spoke with Corey Ball (Corey's Twitter) about what does API in a modern software stack looks like and how these can be attacked and protec...

5 Sep 202239min

BlackHat Defcon 2022 - The Cloud Security Edition

BlackHat Defcon 2022 - The Cloud Security Edition

Special Episode by Shilpi and Ashish sharing their recap, highlights, big takeaways, Cloud Talks and Training from Hacker Summer Camp - Blackhat Defcon Diana Initiative BSides Vegas 2022. Blog with li...

28 Aug 20221h 2min

HOW TO Threat Model Digital Applications in Cloud

HOW TO Threat Model Digital Applications in Cloud

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jeevan Singh (Jeevan's Linkedin) about Threat Modelling STRIDE Threat Modelling can be used for self service Application runnin...

21 Aug 202259min

HOW TO SECURE CONTAINER ENVIRONMENT FOR FINANCIAL SERVICES

HOW TO SECURE CONTAINER ENVIRONMENT FOR FINANCIAL SERVICES

In this episode of the Virtual Coffee with Ashish edition, we spoke with Karthik Ramamoorthy (Karthik's Linkedin) about Container security with NIST Framework for financial services organizations. Epi...

7 Aug 202255min

AWS ReInforce 2022 Recap & Highlights

AWS ReInforce 2022 Recap & Highlights

Special Episode by Shilpi and Ashish sharing their recap, highlights, big takeaways, meh moments and in person experience from AWS ReInforce 2022. Twitter Space with Cloud Security Community about the...

2 Aug 202253min

Fundamentals of AWS Cloud Security Assessment

Fundamentals of AWS Cloud Security Assessment

In this episode of the Virtual Coffee with Ashish edition, we spoke with Cassandra Young (@muteki_rtw) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Ho...

30 Jul 202249min

So Now You Know!

So Now You Know!

Special Episode by Shilpi and Ashish announcing the 1 year partnership with Snyk and what does this mean for the podcast community - you and also for Ashish and Shilpi. The new Architecture series we ...

28 Jul 202218min

HOW TO SECURE AWS CLOUD ENVIRONMENT FOR HEALTHCARE

HOW TO SECURE AWS CLOUD ENVIRONMENT FOR HEALTHCARE

In this episode of the Virtual Coffee with Ashish edition, we spoke with Kyler Middleton (Kyler's Linkedin) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast....

20 Jul 202255min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
tomprat-med-gunnar-tjomlid
rss-impressions-2
shifter
energi-og-klima
nasjonal-sikkerhetsmyndighet-nsm
fornybaren
teknologi-og-mennesker
elektropodden
smart-forklart
rss-ki-praten
pedagogisk-intelligens
rss-ai-forklart
rss-for-alarmen-gar
rss-heis
digital-forretningsforstaelse
rss-praktisk-proptech
rss-ki-til-kaffen